New Phishing Attacks Disguised as Replies to Previously Asked Questions

38

Beware! A New Type of Phishing Email Disguises Itself as a Reply to Previously Asked Questions

Cyber criminals have come up with yet another way to get you to open an email. This month’s Comodo Threat Intelligence Lab report has identified a new type of phishing email. According to Comodo, the new scam involves emails disguised as a reply to a previously asked request for information. The emails also appear to come from a legitimate contact or familiar brand, the report says.

A New Type of Phishing Email

The particular phishing email campaign mentioned in the report occurred over a seven hour period on July 6, 2017. And while it lasted less than a day, it was able to target 50 enterprise customers with thousands of users.

The perpetrators of the attack used 585 different servers with IP addresses in North America, Europe, Australia and Turkey. Comodo says the speed and coordination to develop and deploy the attack shows a considerble level of sophistication and advance in phishing evolution.

The emails have been designed to look authentic. And if you are busy, a quick glance might lead you to believe it is a legitimate request. But once you click on the link, you will be directed to a different site, which will deliver its remotely deployed malware payload.

This screenshot shows an example of the phishing attack.

Beware! A New Type of Phishing Email Disguises Itself as a Reply to Previously Asked Questions

Fatih Orhan, head of the Comodo Threat Intelligence Lab and Comodo Threat Research Labs (CTRL), explains:

“Phishing emails come in numerous types and formats. Cyber criminals always find new methods to trick users and convince them to click a “bait” link. This latest method is also an example of how they can be creative to attack enterprise business users.”